(lp1
(dp2
V_score
p3
F1
sV_type
p4
Vindex-pattern
p5
sV_id
p6
Vbro*
p7
sV_source
p8
(dp9
Vfields
p10
V[{"name":"TTLs","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qclass_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"bro_timestamp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"answers","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"host","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"AA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"method","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"query","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"RA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"RD","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"response_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_code","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rejected","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uid","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_depth","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"Z","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"user_agent","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"qclass","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"request_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uri","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"TC","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"referrer","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":1,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":2,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
p11
sVtimeFieldName
p12
Vtimestamp
p13
sVtitle
p14
Vbro*
p15
ssV_index
p16
V.kibana
p17
sa(dp18
V_score
p19
F1
sV_type
p20
Vsearch
p21
sV_id
p22
Vsnort-search
p23
sV_source
p24
(dp25
Vsort
p26
(lp27
Vtimestamp
p28
aVdesc
p29
asVhits
p30
I0
sVdescription
p31
V
sVtitle
p32
VSnort Alerts
p33
sVversion
p34
I1
sVkibanaSavedObjectMeta
p35
(dp36
VsearchSourceJSON
p37
V{"index":"snort*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
p38
ssVcolumns
p39
(lp40
Vmsg
p41
aVsig_id
p42
aVip_src_addr
p43
aVip_src_port
p44
aVip_dst_addr
p45
aVip_dst_port
p46
assV_index
p47
V.kibana
p48
sa(dp49
V_score
p50
F1
sV_type
p51
Vsearch
p52
sV_id
p53
Vyaf-search
p54
sV_source
p55
(dp56
Vsort
p57
(lp58
Vtimestamp
p59
aVdesc
p60
asVhits
p61
I0
sVdescription
p62
V
sVtitle
p63
VYAF
p64
sVversion
p65
I1
sVkibanaSavedObjectMeta
p66
(dp67
VsearchSourceJSON
p68
V{"index":"yaf*","filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"query_string":{"query":"*","analyze_wildcard":true}}}
p69
ssVcolumns
p70
(lp71
Vip_src_addr
p72
aVip_src_port
p73
aVip_dst_addr
p74
aVip_dst_port
p75
aVprotocol
p76
aVduration
p77
aVpkt
p78
assV_index
p79
V.kibana
p80
sa(dp81
V_score
p82
F1
sV_type
p83
Vvisualization
p84
sV_id
p85
VWelcome
p86
sV_source
p87
(dp88
VvisState
p89
V{"title":"Welcome to Apache Metron","type":"markdown","params":{"markdown":"This dashboard enables the validation of Apache Metron and the end-to-end functioning of its default sensor suite.  The default sensor suite includes [Snort](https://www.snort.org/), [Bro](https://www.bro.org/), and [YAF](https://tools.netsa.cert.org/yaf/).  One of Apache Metron's primary goals is to simplify the onboarding of additional sources of telemetry.  In a production deployment these default sensors should be replaced with ones applicable to the target environment.\u005cn\u005cnApache Metron enables disparate sources of telemetry to all be viewed under a 'single pane of glass.'  Telemetry from each of the default sensors can be searched, aggregated, summarized, and viewed within this dashboard. This dashboard should be used as a springboard upon which to create your own customized dashboards.\u005cn\u005cnThe panels below highlight the volume and variety of events that are currently being consumed by Apache Metron."},"aggs":[],"listeners":{}}
p90
sVdescription
p91
V
sVtitle
p92
VWelcome to Apache Metron
p93
sVuiStateJSON
p94
V{}
p95
sVversion
p96
I1
sVkibanaSavedObjectMeta
p97
(dp98
VsearchSourceJSON
p99
V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
p100
sssV_index
p101
V.kibana
p102
sa(dp103
V_score
p104
F1
sV_type
p105
Vvisualization
p106
sV_id
p107
VTop-Snort-Alerts-by-Source
p108
sV_source
p109
(dp110
VvisState
p111
V{"title":"Top Snort Alerts by Source","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Source IP"}}],"listeners":{}}
p112
sVdescription
p113
V
sVtitle
p114
VTop Snort Alerts by Source
p115
sVuiStateJSON
p116
V{}
p117
sVversion
p118
I1
sVkibanaSavedObjectMeta
p119
(dp120
VsearchSourceJSON
p121
V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p122
sssV_index
p123
V.kibana
p124
sa(dp125
V_score
p126
F1
sV_type
p127
Vvisualization
p128
sV_id
p129
VWeb-Request-Type
p130
sV_source
p131
(dp132
VvisState
p133
V{"title":"Web Request Type","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"method","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p134
sVdescription
p135
V
sVtitle
p136
VWeb Request Type
p137
sVuiStateJSON
p138
V{}
p139
sVversion
p140
I1
sVsavedSearchId
p141
Vweb-search
p142
sVkibanaSavedObjectMeta
p143
(dp144
VsearchSourceJSON
p145
V{"filter":[]}
p146
sssV_index
p147
V.kibana
p148
sa(dp149
V_score
p150
F1
sV_type
p151
Vconfig
p152
sV_id
p153
V4.5.1
p154
sV_source
p155
(dp156
VbuildNum
p157
I9892
sVdefaultIndex
p158
Vbro*
p159
ssV_index
p160
V.kibana
p161
sa(dp162
V_score
p163
F1
sV_type
p164
Vvisualization
p165
sV_id
p166
VErrors-By-Hostname
p167
sV_source
p168
(dp169
VvisState
p170
V{\u000a  "title": "Errors By Error Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "addLegend": true,\u000a    "addTimeMarker": false,\u000a    "addTooltip": true,\u000a    "defaultYExtents": false,\u000a    "mode": "grouped",\u000a    "scale": "linear",\u000a    "setYExtents": false,\u000a    "shareYAxis": true,\u000a    "times": [],\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "hostname",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p171
sVdescription
p172
V
sVtitle
p173
VErrors By Hostname
p174
sVuiStateJSON
p175
V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#9AC48A",\u000a      "Count": "#629E51"\u000a    }\u000a  }\u000a}
p176
sVversion
p177
I1
sVkibanaSavedObjectMeta
p178
(dp179
VsearchSourceJSON
p180
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
p181
sssV_index
p182
V.kibana
p183
sa(dp184
V_score
p185
F1
sV_type
p186
Vvisualization
p187
sV_id
p188
VWeb-Request-Header
p189
sV_source
p190
(dp191
VvisState
p192
V{"title":"Web Request Header","type":"markdown","params":{"markdown":"The [Bro Network Security Monitor](https://www.bro.org/) is extracting application-level information from raw network packets.  In this example, Bro is extracting HTTP(S) requests being made over the network. "},"aggs":[],"listeners":{}}
p193
sVdescription
p194
V
sVtitle
p195
VWeb Request Header
p196
sVuiStateJSON
p197
V{}
p198
sVversion
p199
I1
sVkibanaSavedObjectMeta
p200
(dp201
VsearchSourceJSON
p202
V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p203
sssV_index
p204
V.kibana
p205
sa(dp206
V_score
p207
F1
sV_type
p208
Vvisualization
p209
sV_id
p210
VError-Type-Proportion
p211
sV_source
p212
(dp213
VvisState
p214
V{"title":"Error Type Proportion","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"error_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p215
sVdescription
p216
V
sVtitle
p217
VError Type Proportion
p218
sVuiStateJSON
p219
V{}
p220
sVversion
p221
I1
sVkibanaSavedObjectMeta
p222
(dp223
VsearchSourceJSON
p224
V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p225
sssV_index
p226
V.kibana
p227
sa(dp228
V_score
p229
F1
sV_type
p230
Vvisualization
p231
sV_id
p232
VFlow-Duration
p233
sV_source
p234
(dp235
VvisState
p236
V{"title":"Flow Duration","type":"area","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"smoothLines":false,"scale":"linear","interpolate":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"histogram","schema":"segment","params":{"field":"duration","interval":10,"extended_bounds":{},"customLabel":"Flow Duration (seconds)"}}],"listeners":{}}
p237
sVdescription
p238
V
sVtitle
p239
VFlow Duration
p240
sVuiStateJSON
p241
V{"vis":{"legendOpen":false}}
p242
sVversion
p243
I1
sVkibanaSavedObjectMeta
p244
(dp245
VsearchSourceJSON
p246
V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p247
sssV_index
p248
V.kibana
p249
sa(dp250
V_score
p251
F1
sV_type
p252
Vvisualization
p253
sV_id
p254
VErrors-By-Source
p255
sV_source
p256
(dp257
VvisState
p258
V{"title":"Errors By Source","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source_type","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}}],"listeners":{}}
p259
sVdescription
p260
V
sVtitle
p261
VErrors By Source
p262
sVuiStateJSON
p263
V{}
p264
sVversion
p265
I1
sVkibanaSavedObjectMeta
p266
(dp267
VsearchSourceJSON
p268
V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p269
sssV_index
p270
V.kibana
p271
sa(dp272
V_score
p273
F1
sV_type
p274
Vvisualization
p275
sV_id
p276
VEvents
p277
sV_source
p278
(dp279
VvisState
p280
V{"title":"Events","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"group","params":{"field":"source:type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p281
sVdescription
p282
V
sVtitle
p283
VEvents
p284
sVuiStateJSON
p285
V{"vis":{"legendOpen":false}}
p286
sVversion
p287
I1
sVkibanaSavedObjectMeta
p288
(dp289
VsearchSourceJSON
p290
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p291
sssV_index
p292
V.kibana
p293
sa(dp294
V_score
p295
F1
sV_type
p296
Vvisualization
p297
sV_id
p298
VError-Hostname-Proportion
p299
sV_source
p300
(dp301
VvisState
p302
V{"aggs":[{"id":"1","params":{},"schema":"metric","type":"count"},{"id":"2","params":{"customLabel":"Sensor","field":"hostname","order":"desc","orderBy":"1","size":5},"schema":"segment","type":"terms"}],"listeners":{},"params":{"addLegend":true,"addTooltip":true,"isDonut":false,"shareYAxis":true},"title":"Error Source Proportion","type":"pie"}
p303
sVdescription
p304
V
sVtitle
p305
VError Hostname Proportion
p306
sVuiStateJSON
p307
V{"vis":{"colors":{"host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}}
p308
sVversion
p309
I1
sVkibanaSavedObjectMeta
p310
(dp311
VsearchSourceJSON
p312
V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
p313
sssV_index
p314
V.kibana
p315
sa(dp316
V_score
p317
F1
sV_type
p318
Vvisualization
p319
sV_id
p320
VUnique-Error-Messages
p321
sV_source
p322
(dp323
VvisState
p324
V{\u000a  "title": "Total Unique Error Messages",\u000a  "type": "metric",\u000a  "params": {\u000a    "handleNoResults": true,\u000a    "fontSize": 60\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a        "customLabel": "Unique Error Messages"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p325
sVdescription
p326
V
sVtitle
p327
VUnique Error Messages
p328
sVuiStateJSON
p329
V{}
p330
sVversion
p331
I1
sVkibanaSavedObjectMeta
p332
(dp333
VsearchSourceJSON
p334
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
p335
sssV_index
p336
V.kibana
p337
sa(dp338
V_score
p339
F1
sV_type
p340
Vvisualization
p341
sV_id
p342
VErrors-By-Error-Type
p343
sV_source
p344
(dp345
VvisState
p346
V{\u000a  "title": "Errors By Error Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "addLegend": true,\u000a    "addTimeMarker": false,\u000a    "addTooltip": true,\u000a    "defaultYExtents": false,\u000a    "mode": "grouped",\u000a    "scale": "linear",\u000a    "setYExtents": false,\u000a    "shareYAxis": true,\u000a    "times": [],\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "error_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p347
sVdescription
p348
V
sVtitle
p349
VErrors By Error Type
p350
sVuiStateJSON
p351
V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#806EB7",\u000a      "Count": "#614D93"\u000a    }\u000a  }\u000a}
p352
sVversion
p353
I1
sVkibanaSavedObjectMeta
p354
(dp355
VsearchSourceJSON
p356
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
p357
sssV_index
p358
V.kibana
p359
sa(dp360
V_score
p361
F1
sV_type
p362
Vsearch
p363
sV_id
p364
VErrors
p365
sV_source
p366
(dp367
Vsort
p368
(lp369
Vtimestamp
p370
aVdesc
p371
asVhits
p372
I0
sVdescription
p373
V
sVtitle
p374
VErrors
p375
sVversion
p376
I1
sVkibanaSavedObjectMeta
p377
(dp378
VsearchSourceJSON
p379
V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
p380
ssVcolumns
p381
(lp382
Vfailed_sensor_type
p383
aVerror_type
p384
aVexception
p385
aVhostname
p386
aVmessage
p387
aVraw_message
p388
aVerror_hash
p389
assV_index
p390
V.kibana
p391
sa(dp392
V_score
p393
F1
sV_type
p394
Vvisualization
p395
sV_id
p396
VSnort-Header
p397
sV_source
p398
(dp399
VvisState
p400
V{"title":"Snort","type":"markdown","params":{"markdown":"[Snort](https://www.snort.org/) is a Network Intrusion Detection System (NIDS) that is being used to generate alerts identifying known bad events.  Snort relies on a fixed set of rules that act as signatures for identifying abnormal events."},"aggs":[],"listeners":{}}
p401
sVdescription
p402
V
sVtitle
p403
VSnort
p404
sVuiStateJSON
p405
V{}
p406
sVversion
p407
I1
sVkibanaSavedObjectMeta
p408
(dp409
VsearchSourceJSON
p410
V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p411
sssV_index
p412
V.kibana
p413
sa(dp414
V_score
p415
F1
sV_type
p416
Vvisualization
p417
sV_id
p418
VYAF-Flow(s)
p419
sV_source
p420
(dp421
VvisState
p422
V{"title":"YAF Flows","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
p423
sVdescription
p424
V
sVtitle
p425
VYAF Flows
p426
sVuiStateJSON
p427
V{}
p428
sVversion
p429
I1
sVkibanaSavedObjectMeta
p430
(dp431
VsearchSourceJSON
p432
V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p433
sssV_index
p434
V.kibana
p435
sa(dp436
V_score
p437
F1
sV_type
p438
Vvisualization
p439
sV_id
p440
VTop-DNS-Query
p441
sV_source
p442
(dp443
VvisState
p444
V{"title":"Top DNS Query","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
p445
sVdescription
p446
V
sVtitle
p447
VTop DNS Query
p448
sVuiStateJSON
p449
V{}
p450
sVversion
p451
I1
sVkibanaSavedObjectMeta
p452
(dp453
VsearchSourceJSON
p454
V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p455
sssV_index
p456
V.kibana
p457
sa(dp458
V_score
p459
F1
sV_type
p460
Vvisualization
p461
sV_id
p462
VEvent-Types
p463
sV_source
p464
(dp465
VvisState
p466
V{"title":"Event Sources","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source:type","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
p467
sVdescription
p468
V
sVtitle
p469
VEvent Sources
p470
sVuiStateJSON
p471
V{}
p472
sVversion
p473
I1
sVkibanaSavedObjectMeta
p474
(dp475
VsearchSourceJSON
p476
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p477
sssV_index
p478
V.kibana
p479
sa(dp480
V_score
p481
F1
sV_type
p482
Vvisualization
p483
sV_id
p484
VTotal-Events
p485
sV_source
p486
(dp487
VvisState
p488
V{"title":"Event Count","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Events"}}],"listeners":{}}
p489
sVdescription
p490
V
sVtitle
p491
VEvent Count
p492
sVuiStateJSON
p493
V{}
p494
sVversion
p495
I1
sVkibanaSavedObjectMeta
p496
(dp497
VsearchSourceJSON
p498
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p499
sssV_index
p500
V.kibana
p501
sa(dp502
V_score
p503
F1
sV_type
p504
Vvisualization
p505
sV_id
p506
VUnique-Location(s)
p507
sV_source
p508
(dp509
VvisState
p510
V{"title":"Geo-IP Locations","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"enrichments:geo:ip_src_addr:locID","customLabel":"Unique Location(s)"}}],"listeners":{}}
p511
sVdescription
p512
V
sVtitle
p513
VGeo-IP Locations
p514
sVuiStateJSON
p515
V{}
p516
sVversion
p517
I1
sVkibanaSavedObjectMeta
p518
(dp519
VsearchSourceJSON
p520
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p521
sssV_index
p522
V.kibana
p523
sa(dp524
V_score
p525
F1
sV_type
p526
Vvisualization
p527
sV_id
p528
VTop-Alerts-By-Host
p529
sV_source
p530
(dp531
VvisState
p532
V{"title":"Top Alerts By Host","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}},{"id":"3","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Destination"}}],"listeners":{}}
p533
sVdescription
p534
V
sVtitle
p535
VTop Alerts By Host
p536
sVuiStateJSON
p537
V{}
p538
sVversion
p539
I1
sVsavedSearchId
p540
Vsnort-search
p541
sVkibanaSavedObjectMeta
p542
(dp543
VsearchSourceJSON
p544
V{"filter":[]}
p545
sssV_index
p546
V.kibana
p547
sa(dp548
V_score
p549
F1
sV_type
p550
Vvisualization
p551
sV_id
p552
VTotal-Error-Messages
p553
sV_source
p554
(dp555
VvisState
p556
V{"title":"Total Errored Messages","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Total Error Messages"}}],"listeners":{}}
p557
sVdescription
p558
V
sVtitle
p559
VTotal Error Messages
p560
sVuiStateJSON
p561
V{}
p562
sVversion
p563
I1
sVkibanaSavedObjectMeta
p564
(dp565
VsearchSourceJSON
p566
V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p567
sssV_index
p568
V.kibana
p569
sa(dp570
V_score
p571
F1
sV_type
p572
Vvisualization
p573
sV_id
p574
VErrors-By-Source-Type
p575
sV_source
p576
(dp577
VvisState
p578
V{\u000a  "title": "Errors By Source Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "scale": "linear",\u000a    "mode": "grouped",\u000a    "times": [],\u000a    "addTimeMarker": false,\u000a    "defaultYExtents": false,\u000a    "setYExtents": false,\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "failed_sensor_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p579
sVdescription
p580
V
sVtitle
p581
VErrors By Source Type
p582
sVuiStateJSON
p583
V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#0A50A1",\u000a      "Count": "#5195CE"\u000a    }\u000a  }\u000a}
p584
sVversion
p585
I1
sVkibanaSavedObjectMeta
p586
(dp587
VsearchSourceJSON
p588
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
p589
sssV_index
p590
V.kibana
p591
sa(dp592
V_score
p593
F1
sV_type
p594
Vvisualization
p595
sV_id
p596
VError-Histogram-By-Sensor-Type
p597
sV_source
p598
(dp599
VvisState
p600
V{"title":"Error Histogram By Sensor Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p601
sVdescription
p602
V
sVtitle
p603
VError Histogram By Sensor Type
p604
sVuiStateJSON
p605
V{}
p606
sVversion
p607
I1
sVsavedSearchId
p608
VErrors
p609
sVkibanaSavedObjectMeta
p610
(dp611
VsearchSourceJSON
p612
V{"filter":[]}
p613
sssV_index
p614
V.kibana
p615
sa(dp616
V_score
p617
F1
sV_type
p618
Vdashboard
p619
sV_id
p620
VMetron-Dashboard
p621
sV_source
p622
(dp623
Vhits
p624
I0
sVtimeRestore
p625
I00
sVdescription
p626
V
sVtitle
p627
VMetron Dashboard
p628
sVuiStateJSON
p629
V{"P-23":{"spy":{"mode":{"name":null,"fill":false}}},"P-34":{"vis":{"legendOpen":false}}}
p630
sVpanelsJSON
p631
V[{"col":1,"id":"Welcome","panelIndex":30,"row":1,"size_x":11,"size_y":2,"type":"visualization"},{"col":1,"id":"Total-Events","panelIndex":6,"row":3,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Events","panelIndex":16,"row":3,"size_x":8,"size_y":4,"type":"visualization"},{"col":1,"id":"Event-Types","panelIndex":15,"row":5,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Location-Header","panelIndex":24,"row":7,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Unique-Location(s)","panelIndex":23,"row":9,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Flow-Locations","panelIndex":32,"row":7,"size_x":8,"size_y":6,"type":"visualization"},{"col":1,"id":"Country","panelIndex":8,"row":11,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flows-Header","panelIndex":27,"row":13,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flow(s)","panelIndex":21,"row":15,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port","protocol","duration","pkt"],"id":"yaf-search","panelIndex":20,"row":13,"size_x":8,"size_y":6,"sort":["duration","desc"],"type":"search"},{"col":1,"id":"Flow-Duration","panelIndex":31,"row":17,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Snort-Header","panelIndex":25,"row":19,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["msg","sig_id","ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port"],"id":"snort-search","panelIndex":3,"row":19,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Snort-Alert-Types","panelIndex":10,"row":21,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Top-Alerts-By-Host","panelIndex":19,"row":23,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Header","panelIndex":26,"row":25,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["method","host","uri","referrer","user_agent","ip_src_addr","ip_dst_addr"],"id":"web-search","panelIndex":4,"row":25,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"HTTP(S)-Requests","panelIndex":17,"row":27,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"DNS-Requests-Header","panelIndex":29,"row":31,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["query","qtype_name","answers","ip_src_addr","ip_dst_addr"],"id":"dns-search","panelIndex":5,"row":31,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"DNS-Request(s)","panelIndex":14,"row":33,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Type","panelIndex":33,"row":29,"size_x":3,"size_y":2,"type":"visualization"}]
p632
sVoptionsJSON
p633
V{"darkTheme":false}
p634
sVversion
p635
I1
sVkibanaSavedObjectMeta
p636
(dp637
VsearchSourceJSON
p638
V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]}
p639
sssV_index
p640
V.kibana
p641
sa(dp642
V_score
p643
F1
sV_type
p644
Vindex-pattern
p645
sV_id
p646
Vsnort*
p647
sV_source
p648
(dp649
Vfields
p650
V[{"name":"msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dgmlen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpack","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethlen","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threat:triage:level","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_rev","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"ethsrc","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpseq","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpwindow","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tos","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethdst","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"is_alert","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ttl","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iplen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_generator","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
p651
sVtimeFieldName
p652
Vtimestamp
p653
sVtitle
p654
Vsnort*
p655
ssV_index
p656
V.kibana
p657
sa(dp658
V_score
p659
F1
sV_type
p660
Vindex-pattern
p661
sV_id
p662
Vyaf*
p663
sV_source
p664
(dp665
Vfields
p666
V[{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"isn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"rpkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"app","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"oct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"start_time","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"riflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"duration","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"pkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ruflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"roct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end-reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"risn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_time","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
p667
sVtimeFieldName
p668
Vtimestamp
p669
sVtitle
p670
Vyaf*
p671
ssV_index
p672
V.kibana
p673
sa(dp674
V_score
p675
F1
sV_type
p676
Vsearch
p677
sV_id
p678
Vweb-search
p679
sV_source
p680
(dp681
Vsort
p682
(lp683
Vtimestamp
p684
aVdesc
p685
asVhits
p686
I0
sVdescription
p687
V
sVtitle
p688
VWeb Requests
p689
sVversion
p690
I1
sVkibanaSavedObjectMeta
p691
(dp692
VsearchSourceJSON
p693
V{"index":"bro*","query":{"query_string":{"query":"protocol: http OR protocol: https","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
p694
ssVcolumns
p695
(lp696
Vmethod
p697
aVhost
p698
aVuri
p699
aVreferrer
p700
aVip_src_addr
p701
aVip_dst_addr
p702
assV_index
p703
V.kibana
p704
sa(dp705
V_score
p706
F1
sV_type
p707
Vvisualization
p708
sV_id
p709
VLocation-Header
p710
sV_source
p711
(dp712
VvisState
p713
V{"title":"Enrichment","type":"markdown","params":{"markdown":"Apache Metron can perform real-time enrichment of telemetry data as it is consumed. To highlight this feature, all of the IP address fields collected from the default sensor suite were used to perform geo-ip lookups.  This data was then used to pinpoint each location on the map."},"aggs":[],"listeners":{}}
p714
sVdescription
p715
V
sVtitle
p716
VEnrichment
p717
sVuiStateJSON
p718
V{}
p719
sVversion
p720
I1
sVkibanaSavedObjectMeta
p721
(dp722
VsearchSourceJSON
p723
V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p724
sssV_index
p725
V.kibana
p726
sa(dp727
V_score
p728
F1
sV_type
p729
Vvisualization
p730
sV_id
p731
VSnort-Alert-Types
p732
sV_source
p733
(dp734
VvisState
p735
V{"title":"Snort Alert Types","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"sig_id","customLabel":"Alert Type(s)"}}],"listeners":{}}
p736
sVdescription
p737
V
sVtitle
p738
VSnort Alert Types
p739
sVuiStateJSON
p740
V{}
p741
sVversion
p742
I1
sVkibanaSavedObjectMeta
p743
(dp744
VsearchSourceJSON
p745
V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p746
sssV_index
p747
V.kibana
p748
sa(dp749
V_score
p750
F1
sV_type
p751
Vvisualization
p752
sV_id
p753
VFrequent-DNS-Queries
p754
sV_source
p755
(dp756
VvisState
p757
V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p758
sVdescription
p759
V
sVtitle
p760
VFrequent DNS Requests
p761
sVuiStateJSON
p762
V{}
p763
sVversion
p764
I1
sVkibanaSavedObjectMeta
p765
(dp766
VsearchSourceJSON
p767
V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p768
sssV_index
p769
V.kibana
p770
sa(dp771
V_score
p772
F1
sV_type
p773
Vvisualization
p774
sV_id
p775
VDNS-Request(s)
p776
sV_source
p777
(dp778
VvisState
p779
V{"title":"DNS Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
p780
sVdescription
p781
V
sVtitle
p782
VDNS Requests
p783
sVuiStateJSON
p784
V{}
p785
sVversion
p786
I1
sVsavedSearchId
p787
Vdns-search
p788
sVkibanaSavedObjectMeta
p789
(dp790
VsearchSourceJSON
p791
V{"filter":[]}
p792
sssV_index
p793
V.kibana
p794
sa(dp795
V_score
p796
F1
sV_type
p797
Vvisualization
p798
sV_id
p799
VHTTP(S)-Requests
p800
sV_source
p801
(dp802
VvisState
p803
V{"title":"Web Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
p804
sVdescription
p805
V
sVtitle
p806
VWeb Requests
p807
sVuiStateJSON
p808
V{}
p809
sVversion
p810
I1
sVsavedSearchId
p811
Vweb-search
p812
sVkibanaSavedObjectMeta
p813
(dp814
VsearchSourceJSON
p815
V{"filter":[]}
p816
sssV_index
p817
V.kibana
p818
sa(dp819
V_score
p820
F1
sV_type
p821
Vvisualization
p822
sV_id
p823
VErrors-Over-Time
p824
sV_source
p825
(dp826
VvisState
p827
V{\u000a  "title": "Error Over Time",\u000a  "type": "line",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "showCircles": true,\u000a    "smoothLines": false,\u000a    "interpolate": "linear",\u000a    "scale": "linear",\u000a    "drawLinesBetweenPoints": true,\u000a    "radiusRatio": 9,\u000a    "times": [],\u000a    "addTimeMarker": true,\u000a    "defaultYExtents": false,\u000a    "setYExtents": false,\u000a    "yAxis": {\u000a      "min": 0\u000a    }\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {}\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "date_histogram",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "timestamp",\u000a        "interval": "auto",\u000a        "customInterval": "2h",\u000a        "min_doc_count": 1,\u000a        "extended_bounds": {}\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p828
sVdescription
p829
V
sVtitle
p830
VErrors Over Time
p831
sVuiStateJSON
p832
V{}
p833
sVversion
p834
I1
sVkibanaSavedObjectMeta
p835
(dp836
VsearchSourceJSON
p837
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
p838
sssV_index
p839
V.kibana
p840
sa(dp841
V_score
p842
F1
sV_type
p843
Vvisualization
p844
sV_id
p845
VError-Source-Proportion
p846
sV_source
p847
(dp848
VvisState
p849
V{\u000a  "title": "Sensor Type Proportion",\u000a  "type": "pie",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "isDonut": false\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {}\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "failed_sensor_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1",\u000a        "customLabel": "Sensor"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
p850
sVdescription
p851
V
sVtitle
p852
VError Source Proportion
p853
sVuiStateJSON
p854
V{}
p855
sVversion
p856
I1
sVkibanaSavedObjectMeta
p857
(dp858
VsearchSourceJSON
p859
V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
p860
sssV_index
p861
V.kibana
p862
sa(dp863
V_score
p864
F1
sV_type
p865
Vindex-pattern
p866
sV_id
p867
Verror*
p868
sV_source
p869
(dp870
Vfields
p871
V[{"name":"exception","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"stack","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"error_hash","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"raw_message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"failed_sensor_type","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"hostname","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"error_type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"error_fields","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"raw_message_bytes","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"timestamp","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
p872
sVtimeFieldName
p873
Vtimestamp
p874
sVtitle
p875
Verror*
p876
ssV_index
p877
V.kibana
p878
sa(dp879
V_score
p880
F1
sV_type
p881
Vvisualization
p882
sV_id
p883
VError-Date-Histogram
p884
sV_source
p885
(dp886
VvisState
p887
V{"title":"New Visualization","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}}],"listeners":{}}
p888
sVdescription
p889
V
sVtitle
p890
VError Date Histogram
p891
sVuiStateJSON
p892
V{}
p893
sVversion
p894
I1
sVsavedSearchId
p895
VErrors
p896
sVkibanaSavedObjectMeta
p897
(dp898
VsearchSourceJSON
p899
V{"filter":[]}
p900
sssV_index
p901
V.kibana
p902
sa(dp903
V_score
p904
F1
sV_type
p905
Vdashboard
p906
sV_id
p907
VMetron-Error-Dashboard
p908
sV_source
p909
(dp910
Vhits
p911
I0
sVtimeRestore
p912
I00
sVdescription
p913
V
sVtitle
p914
VMetron Error Dashboard
p915
sVuiStateJSON
p916
V{"P-2":{"vis":{"legendOpen":true}},"P-23":{"vis":{"colors":{"amb3.service.consul":"#629E51","host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}},"P-3":{"vis":{"colors":{"fourth":"#1F78C1","new_error":"#BADFF4","test_error":"#82B5D8"}}},"P-5":{"vis":{"colors":{"another_new_parser_error":"#806EB7","new_parser_error":"#AEA2E0","parser_error":"#614D93"}}}}
p917
sVpanelsJSON
p918
V[{"col":5,"id":"Errors-By-Error-Type","panelIndex":2,"row":9,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Source-Proportion","panelIndex":3,"row":9,"size_x":4,"size_y":3,"type":"visualization"},{"col":5,"id":"Errors-By-Source-Type","panelIndex":4,"row":12,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Type-Proportion","panelIndex":5,"row":12,"size_x":4,"size_y":3,"type":"visualization"},{"col":8,"id":"Unique-Error-Messages","panelIndex":19,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":3,"id":"Total-Error-Messages","panelIndex":20,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":5,"id":"Errors-By-Hostname","panelIndex":22,"row":15,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Hostname-Proportion","panelIndex":23,"row":15,"size_x":4,"size_y":3,"type":"visualization"},{"col":1,"columns":["failed_sensor_type","error_type","exception","hostname","message","raw_message","error_hash"],"id":"Errors","panelIndex":25,"row":18,"size_x":12,"size_y":7,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Error-Histogram-By-Sensor-Type","panelIndex":27,"row":3,"size_x":12,"size_y":3,"type":"visualization"},{"id":"Unique-Error-Histogram-By-Sensor-Type","type":"visualization","panelIndex":28,"size_x":12,"size_y":3,"col":1,"row":6}]
p919
sVoptionsJSON
p920
V{"darkTheme":false}
p921
sVversion
p922
I1
sVkibanaSavedObjectMeta
p923
(dp924
VsearchSourceJSON
p925
V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]}
p926
sssV_index
p927
V.kibana
p928
sa(dp929
V_score
p930
F1
sV_type
p931
Vconfig
p932
sV_id
p933
V4.5.3
p934
sV_source
p935
(dp936
VbuildNum
p937
I9892
sVdefaultIndex
p938
Vbro*
p939
ssV_index
p940
V.kibana
p941
sa(dp942
V_score
p943
F1
sV_type
p944
Vsearch
p945
sV_id
p946
Vdns-search
p947
sV_source
p948
(dp949
Vsort
p950
(lp951
Vtimestamp
p952
aVdesc
p953
asVhits
p954
I0
sVdescription
p955
V
sVtitle
p956
VDNS Requests
p957
sVversion
p958
I1
sVkibanaSavedObjectMeta
p959
(dp960
VsearchSourceJSON
p961
V{"index":"bro*","query":{"query_string":{"query":"protocol: dns","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
p962
ssVcolumns
p963
(lp964
Vquery
p965
aVqtype_name
p966
aVanswers
p967
aVip_src_addr
p968
aVip_dst_addr
p969
assV_index
p970
V.kibana
p971
sa(dp972
V_score
p973
F1
sV_type
p974
Vvisualization
p975
sV_id
p976
VDNS-Requests-Header
p977
sV_source
p978
(dp979
VvisState
p980
V{"aggs":[],"listeners":{},"params":{"markdown":"[Bro](https://www.bro.org/) is extracting DNS requests and responses being made over the network. Understanding who is making those requests, the frequency, and types can provide a deep understanding of the actors present on the network."},"title":"DNS Requests","type":"markdown"}
p981
sVdescription
p982
V
sVtitle
p983
VDNS Requests
p984
sVuiStateJSON
p985
V{}
p986
sVversion
p987
I1
sVkibanaSavedObjectMeta
p988
(dp989
VsearchSourceJSON
p990
V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
p991
sssV_index
p992
V.kibana
p993
sa(dp994
V_score
p995
F1
sV_type
p996
Vvisualization
p997
sV_id
p998
VYAF-Flows-Header
p999
sV_source
p1000
(dp1001
VvisState
p1002
V{"title":"YAF","type":"markdown","params":{"markdown":"[YAF](https://tools.netsa.cert.org/yaf/yaf.html) can be used to generate Netflow-like flow records.  These flow records provide significant visibility of the actors communicating over the target network."},"aggs":[],"listeners":{}}
p1003
sVdescription
p1004
V
sVtitle
p1005
VYAF
p1006
sVuiStateJSON
p1007
V{}
p1008
sVversion
p1009
I1
sVkibanaSavedObjectMeta
p1010
(dp1011
VsearchSourceJSON
p1012
V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
p1013
sssV_index
p1014
V.kibana
p1015
sa(dp1016
V_score
p1017
F1
sV_type
p1018
Vvisualization
p1019
sV_id
p1020
VTop-5-Exceptions
p1021
sV_source
p1022
(dp1023
VvisState
p1024
V{"title":"Top-5 Exceptions","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"exception","size":5,"order":"desc","orderBy":"1","customLabel":"Exceptions"}}],"listeners":{}}
p1025
sVdescription
p1026
V
sVtitle
p1027
VTop-5 Exceptions
p1028
sVuiStateJSON
p1029
V{}
p1030
sVversion
p1031
I1
sVkibanaSavedObjectMeta
p1032
(dp1033
VsearchSourceJSON
p1034
V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p1035
sssV_index
p1036
V.kibana
p1037
sa(dp1038
V_score
p1039
F1
sV_type
p1040
Vvisualization
p1041
sV_id
p1042
VFrequent-DNS-Requests
p1043
sV_source
p1044
(dp1045
VvisState
p1046
V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1","customLabel":"DNS Query"}}],"listeners":{}}
p1047
sVdescription
p1048
V
sVtitle
p1049
VFrequent DNS Requests
p1050
sVuiStateJSON
p1051
V{}
p1052
sVversion
p1053
I1
sVkibanaSavedObjectMeta
p1054
(dp1055
VsearchSourceJSON
p1056
V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p1057
sssV_index
p1058
V.kibana
p1059
sa(dp1060
V_score
p1061
F1
sV_type
p1062
Vvisualization
p1063
sV_id
p1064
VCountry
p1065
sV_source
p1066
(dp1067
VvisState
p1068
V{"title":"By Country","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"enrichments:geo:ip_src_addr:country","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p1069
sVdescription
p1070
V
sVtitle
p1071
VBy Country
p1072
sVuiStateJSON
p1073
V{}
p1074
sVversion
p1075
I1
sVkibanaSavedObjectMeta
p1076
(dp1077
VsearchSourceJSON
p1078
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p1079
sssV_index
p1080
V.kibana
p1081
sa(dp1082
V_score
p1083
F1
sV_type
p1084
Vvisualization
p1085
sV_id
p1086
VTop-Destinations
p1087
sV_source
p1088
(dp1089
VvisState
p1090
V{"title":"Top Destinations","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Destination IP"}}],"listeners":{}}
p1091
sVdescription
p1092
V
sVtitle
p1093
VTop Destinations
p1094
sVuiStateJSON
p1095
V{}
p1096
sVversion
p1097
I1
sVkibanaSavedObjectMeta
p1098
(dp1099
VsearchSourceJSON
p1100
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p1101
sssV_index
p1102
V.kibana
p1103
sa(dp1104
V_score
p1105
F1
sV_type
p1106
Vvisualization
p1107
sV_id
p1108
VUnusual-Referrers
p1109
sV_source
p1110
(dp1111
VvisState
p1112
V{"title":"Unusual Referrers","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"significant_terms","schema":"bucket","params":{"field":"referrer","size":5,"customLabel":"Top 5 Unusual Referrers"}}],"listeners":{}}
p1113
sVdescription
p1114
V
sVtitle
p1115
VUnusual Referrers
p1116
sVuiStateJSON
p1117
V{}
p1118
sVversion
p1119
I1
sVsavedSearchId
p1120
Vweb-search
p1121
sVkibanaSavedObjectMeta
p1122
(dp1123
VsearchSourceJSON
p1124
V{"filter":[]}
p1125
sssV_index
p1126
V.kibana
p1127
sa(dp1128
V_score
p1129
F1
sV_type
p1130
Vvisualization
p1131
sV_id
p1132
VUnique-Error-Histogram-By-Sensor-Type
p1133
sV_source
p1134
(dp1135
VvisState
p1136
V{"title":"Error Histogram By Sensor Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"error_hash"}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
p1137
sVdescription
p1138
V
sVtitle
p1139
VUnique Error Histogram By Sensor Type
p1140
sVuiStateJSON
p1141
V{}
p1142
sVversion
p1143
I1
sVsavedSearchId
p1144
VErrors
p1145
sVkibanaSavedObjectMeta
p1146
(dp1147
VsearchSourceJSON
p1148
V{"filter":[]}
p1149
sssV_index
p1150
V.kibana
p1151
sa(dp1152
V_score
p1153
F1
sV_type
p1154
Vvisualization
p1155
sV_id
p1156
VFlow-Locations
p1157
sV_source
p1158
(dp1159
VvisState
p1160
V{"title":"Flow Locations","type":"tile_map","params":{"mapType":"Scaled Circle Markers","isDesaturated":true,"addTooltip":true,"heatMaxZoom":16,"heatMinOpacity":0.1,"heatRadius":25,"heatBlur":15,"heatNormalizeData":true,"wms":{"enabled":true,"url":"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer","options":{"version":"1.3.0","layers":"0","format":"image/png","transparent":true,"attribution":"Maps provided by USGS","styles":""}}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"geohash_grid","schema":"segment","params":{"field":"enrichments:geo:ip_dst_addr:location_point","autoPrecision":true,"precision":2}}],"listeners":{}}
p1161
sVdescription
p1162
V
sVtitle
p1163
VFlow Locations
p1164
sVuiStateJSON
p1165
V{}
p1166
sVversion
p1167
I1
sVkibanaSavedObjectMeta
p1168
(dp1169
VsearchSourceJSON
p1170
V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
p1171
sssV_index
p1172
V.kibana
p1173
sa.